Affiliation:
1. University of California at Santa Cruz
Abstract
We present a novel approach for efficiently tracking information flow in a dynamically-typed language such as JavaScript. Our approach is purely dynamic, and it detects problems with implicit paths via a dynamic check that avoids the need for an approximate static analyses while still guaranteeing non-interference. We incorporate this check into an efficient evaluation strategy based on sparse information labeling that leaves information flow labels implicit whenever possible, and introduces explicit labels only for values that migrate between security domains. We present experimental results showing that, on a range of small benchmark programs, sparse labeling provides a substantial (30%-50%) speed-up over universal labeling.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design,Software
Reference33 articles.
1. Termination-Insensitive Noninterference Leaks More Than Just a Bit
2. Gérard
Boudol
.
Secure information flow as a safety property. In Pierpaolo Degano Joshua D. Guttman and Fabio Martinelli editors Formal Aspects in Security and Trust volume
5491
of
Lecture Notes in Computer Science pages
20
--
34
.
Springer 2008
. 10.1007/978-3-642-01465-9_2 Gérard Boudol. Secure information flow as a safety property. In Pierpaolo Degano Joshua D. Guttman and Fabio Martinelli editors Formal Aspects in Security and Trust volume 5491 of Lecture Notes in Computer Science pages 20--34. Springer 2008. 10.1007/978-3-642-01465-9_2
3. Deepak Chandra and Michael Franz. Fine-grained information flow analysis and enforcement in a java virtual machine. pages 463--475 Dec. 2007. Deepak Chandra and Michael Franz. Fine-grained information flow analysis and enforcement in a java virtual machine. pages 463--475 Dec. 2007.
Cited by
12 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献